The North Korean threat actor known as ScarCruft has been observed using an information-stealing malware with previously undocumented wiretapping features as well as a backdoor developed using Golang that exploits the Ably real-time messaging service.
“The threat actor sent their commands through the Golang backdoor that is using the Ably service,” the AhnLab Security Emergency response Center (ASEC) said in a technical report. “The API key value required for command communication was saved in a GitHub repository.”
ScarCruft is a state-sponsored outfit with links to North Korea’s Ministry of State Security (MSS). It’s known to be active since at least 2012.
images from Hacker News
Recent Comments